This patent application provides further separate innovation and utility of methods and processes set forth in pending Utility patent application Ser. No. 11/520,857. The creation of computer systems, networks of computers, and associated software that allow for the movement of sensitive and/or classified documents within and among computer networks has by its very nature reduced the rigor of document security control as it was applied in previous paper document/information control systems. “Need to Know” determinations essential to information security control in paper-based access control systems for national security classifications have been suspended for electronic documents/information developed, moved/transmitted and stored on computer systems and networks of computer systems in favor of alleged productivity gains. The productivity attributes of document development software applications have compounded this document/information security problem by providing hard copy output generation or other electronic output views of the information contained in electronic documents that may not reflect the full content of the information contained in an electronic document, and thus may not reflect the full sensitivity or national security classification of the information contained in the electronic document, thereby subjecting the document/information to possible mishandling and/or compromise.
The productivity gains of computers, computer networks, and document development software have led to the development of sensitive and classified computer networks without sufficient methods for positive identification and persistent and consistent feedback for the developer/user of an electronic document of all possible information in the electronic document, and without developer/user capability to assign or determine a corresponding sensitivity or classification designation for the informational content of the entire electronic document. This significant shortcoming has resulted in a lack of positive controls at the document level to adequately control access to information in electronic document format within a physical security perimeter set for a sensitive or classified network or domain. In addition, current security processes and software to control information in electronic documents do not provide adequate assurance, verification and alerting capabilities to determine that the information is not breaching physical security perimeters among networks or domains of networks approved for different levels of sensitive or classified information. In addition to these shortcomings, the capability to store huge numbers of documents/information on portable media devices, the ease of transferring information between or among computers, and the practice of close physical proximity of computers of differing classification and/or sensitivity levels to enhance user productivity multiply the potential risk and damage associated with lack of positive security control of documents/information resident within security perimeters established for computers or networks of computers.
Recent inventions that provide user assurance of appropriate national security or sensitivity classification assessment and classification determinations for information in electronic documents, persistent document marking capability for electronic documents, and the association of unique classification codes embedded in the document's electronic shell, have not fully accounted for the information classification problem associated with productivity features found in most document development host software applications. The ability to provide comments or notes within a document or to hide text/information in an electronic document or its electronic shell, as well as the ability to provide application or user driven subset views of the information contained in an electronic document, are some typical document development software application features that may mislead a user's understanding or ability to ascertain the full or complete classification or sensitivity value of the information contained within the total electronic document and may cause the mishandling or compromise of information contained in an electronic document. Currently, users of electronic document files are unable to determine a classification or sensitivity distinction between a subset view of the informational content of a document generated by a document development software application that they may be handling and the full or complete classification determination of all the information, regardless of the application attributes (visible, hidden, etc.) assigned to information contained in the document.
The ability of document originators, subsequent authors of a document, as well as subsequent systems users that may develop and/or subsequently use or move electronic document information on computer systems and computer networks to know the full sensitivity or classification value of an electronic document is of critical importance to assuring and enforcing complete control of sensitive or classified information.
Similarly, automated means and software programs designed to control access to electronic document information or to control the movement or storage of electronic documents in real-time require positive and persistent means to determine the full classification value of the information contained in the total electronic document in order to be effective. Control systems based on document/information sensitivity and classification determinations that do not account for the full or complete sensitivity or classification potential of the information contained in an electronic document have ineffective control structures and establish potential systemic or “programmed-in” vulnerabilities into the control systems for electronic documents. The current state of developing, processing and disseminating sensitive and/or classified electronic information for stand-alone computers, networked computers and domains of networks is piecemeal, relying on disparate, text-based sensitivity determinations on possible subset informational or “print” views of the electronic document to identify sensitivity or national security classification, and provides ineffective security control of the movement of, and access to, sensitive and/or classified electronic documents/information on computer networks.
Such control systems have not accounted for the potential to overlook portions of the content of an electronic document that may change the value of the document's sensitivity or classification. As an example, most modern word processing and document development software provides the capability for Comments, Notes, Hidden Text, etc. to be established in a document's electronic file. However, the user must choose to view such information by specifically selecting controls in the application. Failure to view or account for such potentially hidden information when classifying a document as to its sensitivity or national security designation may lead to catastrophic misclassification of the document/information and have a ripple effect for subsequent users of the document that rely on the text classification marks of the “print” view of the document to determine how to appropriately disseminate, move or store an electronic document on a computer network. The productivity gains of computers and computer networks, as well as the associated communication capability to transmit electronic document information, exacerbate this information control problem.
In addition, subsequent users of such documents may be misled by subset views provided by modern document development software applications of the information contained in an electronic document, which may result in false assumptions of the classification value of the displayed or subset information, resulting in mishandling of the electronic documents as well as mishandling of printed views of the subset information. For example, a user may receive an electronic document whereby comments made by a previous user of the electronic document were not assessed and/or classified by the previous user. The comments inserted into the electronic document are of a higher classification value and require additional protection than the classification marking for the electronic document when displayed without the comments being visible. The subsequent user elects to display comments in his or her view of the information contained in the electronic document. The subsequent user prints that view of the electronic document not realizing that the information contained therein is improperly classified and marked. In addition to an improperly marked hard copy of the information, the second user unknowingly forwards the electronic document to another user on the network who is not authorized to have access to the information contained in the comments, thereby compromising the information.
Document development and dissemination software has also led to multiple computers, possibly representing multiple networks, side by side on users' desks at different levels of sensitivity or classification without sufficient capability to alert security personnel to breaches or spills of information, whether intentional or inadvertent, among the various systems.
Compounding these systemic flaws, there currently is little positive and accurate control and tracking over the access to and the movement of such information within the security perimeters of authorized computer networks or among authorized network domains. As a result, Government and businesses are grappling with intentional insider threats and perimeter breaches to sensitive and classified information on their systems, as well as inadvertent disclosures from their systems that compromise protected critical or national security classified information.
Attempts at text-based controls for sensitive and classified information have been ineffective due to false negatives as well as false positives, and their inability to adequately handle compilation classification designations as well as the inability to handle graphics and other modern features of computer document development software.
In order for electronic document security to be effective, new methods are needed to assure that the classification process assesses all potential information, both visible and hidden, contained within an electronic document; that both the classification of the complete electronic document file and the classification of the current output view of the document are available, dynamic, persistent and apparent to users of the electronic document file in real-time; and that electronic document/information dissemination, movement, access and media storage controls are based on the full classification value of the information in a document.
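The gap between the "print" view and the full-value classification described above can be shown on a concrete file format. The following is an added example, not code from the application: it assumes the Office Open XML (.docx) format as one instance of a document with comments and hidden text, an assumed portion-marking convention of (U), (C), (S), (TS) with that ordering, and hypothetical function names; the sample document is constructed inline.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
LEVELS = ["U", "C", "S", "TS"]          # assumed ordering, lowest to highest
MARK = re.compile(r"\((TS|S|C|U)\)")    # assumed portion-marking convention

def highest(texts):
    """Return the highest portion marking found in texts ('U' if none)."""
    found = [m for t in texts for m in MARK.findall(t)]
    return max(found, key=LEVELS.index, default="U")

def runs(xml_bytes):
    """Yield (text, hidden) for every run in a WordprocessingML part."""
    for r in ET.fromstring(xml_bytes).iter(W + "r"):
        text = "".join(t.text or "" for t in r.iter(W + "t"))
        hidden = r.find(f"{W}rPr/{W}vanish") is not None  # hidden-text flag
        yield text, hidden

def classify(docx_bytes):
    """Return (print_view_level, full_level) for a .docx file."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        body = list(runs(z.read("word/document.xml")))
        has_comments = "word/comments.xml" in z.namelist()
        comments = list(runs(z.read("word/comments.xml"))) if has_comments else []
    visible = [t for t, hidden in body if not hidden]   # default print view
    everything = [t for t, _ in body + comments]        # visible and hidden
    return highest(visible), highest(everything)

def may_release(docx_bytes, clearance):
    """Access decision based on the full value, not the print view."""
    _, full = classify(docx_bytes)
    return LEVELS.index(clearance) >= LEVELS.index(full)

def sample_docx():
    """Constructed sample: (U) body, (S) hidden run, (TS) comment."""
    ns = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
    doc = (f'<w:document {ns}><w:body><w:p>'
           '<w:r><w:t>(U) Meeting is at noon.</w:t></w:r>'
           '<w:r><w:rPr><w:vanish/></w:rPr><w:t>(S) Constructed hidden text.</w:t></w:r>'
           '</w:p></w:body></w:document>')
    com = (f'<w:comments {ns}><w:comment w:id="0"><w:p>'
           '<w:r><w:t>(TS) Constructed reviewer comment.</w:t></w:r>'
           '</w:p></w:comment></w:comments>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", doc)
        z.writestr("word/comments.xml", com)
    return buf.getvalue()
```

On the constructed sample, `classify` reports the print view as U and the full document as TS, so a control keyed to the print view would release the file to a reader who is not cleared for the comment.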
The present invention, by means of full and complete value classification determinations of all information contained in an electronic document, as well as the use of persistent, unique codes to represent the full classification determination in the shell of an electronic document, provides a positive basis for effective controls for electronic documents, as well as the establishment of meaningful virtual electronic perimeters that are based on positive and reliable identification of an electronic document's full value sensitivity or classification.
In the instant invention the methods and processes established to ensure full value user classification determinations of all the information contained in electronic documents and the assignment and registry of unique representative classification coding combine to enable additional methods and processes to:
1. Identify, positively and reliably, the full sensitivity/classification of all information in an electronic document to system/application users;
2. Provide positive and immediate methods with which to control access to electronic documents to authorized system users;
3. Control, positively and reliably, the movement of electronic documents on a network operating in a multi-level classification mode;
4. Identify, positively and reliably, a breach of a physical security perimeter between computers, computer networks or systems of computer networks operating at different levels of sensitivity or classification, without compromising or providing unnecessary insight into the classification criteria, or sensitive program designations.
Any software firm that produces document security control software needs to make their product line more effective in sensitive and classified information network environments. Any government or government sponsored entity authorized to classify or handle national security classified information needs more effective security software for computers and networks.
Needs exist for new and positive methods of identifying and assuring the proper classification of all information contained in an electronic document in real-time. Needs exist for positive feedback to users of host document development applications to ensure that they know the full classification level of an electronic document so that they can properly protect the information in accordance with the standards of their organization, or law. Needs exist for methods of real-time positive security controls for electronic documents based on reliable and persistent full classification determinations of all information contained in the electronic document without compromising sensitive programs or classification criteria, to control and protect electronic documents/information on computer networks, as well as provide the capability of alerting security personnel to breaches of physical security perimeters among networks at different levels of classification or sensitivity.